Fix possible signedness issue in time comparison

2024-11-22 17:15:38 +01:00 · 2015-05-20 11:41:36 +02:00 · 2015-05-20 11:41:36 +02:00 · 8eff512274
commit 8eff512274
parent 0849a0a910
1 changed files with 9 additions and 4 deletions
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@ -387,11 +387,16 @@ int mbedtls_ssl_ticket_parse( void *p_ticket,
        goto cleanup;

 #if defined(MBEDTLS_HAVE_TIME)
-    /* Check if still valid */
-    if( ( time( NULL) - session->start ) > ctx->ticket_lifetime )
    {
-        ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
-        goto cleanup;
+        /* Check for expiration */
+        time_t current_time = time( NULL );
+
+        if( current_time < session->start ||
+            (uint32_t)( current_time - session->start ) > ctx->ticket_lifetime )
+        {
+            ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
+            goto cleanup;
+        }
    }
 #endif